simple question

Hi Martijn,

Thanks for the quick response. Now I get to read the smime-setup-guide.pdf
found on the website of djigzo; if I am in doubt about how to configure it,
I'll be bothering you again.

···

--
Kindest Regards
Claudio.

Hello everyone,

We are using force encryption with an encryption subdomain, called encrypted.domain.com. We configured a persona as user(a)encrypted.domain.com within the user(a)domain.com account on our Zimbra email server.

When I create an email with the user(a)encrypted.domain.com persona the djigzo/postfix server appears to be looking at the Return-Path when identifying who the email is coming from, which in this case is showing up as user(a)domain.com. Regardless that the From address and reply-to address are user(a)encrypted.domain.com. The result of this is that the email does not get encrypted by the djigzo system.

Is there a way to address this little problem within djigzo/postfix? We wanted to avoid using the keyword in the subject if possible.

Thanks for your time and responses!

Brad

If you don't mind the return address being user(a)encrypted.domain.com, you can
use an MX record to send all of the mail for encrypted.domain.com to
domain.com and sort it that way.

···

On Sunday, September 18, 2011, Brad Triem wrote:

Hello everyone,

We are using force encryption with an encryption subdomain, called
encrypted.domain.com. We configured a persona as user(a)encrypted.domain.com
within the user(a)domain.com account on our Zimbra email server.

When I create an email with the user(a)encrypted.domain.com persona the
djigzo/postfix server appears to be looking at the Return-Path when
identifying who the email is coming from, which in this case is showing up
as user(a)domain.com. Regardless that the From address and reply-to address
are user(a)encrypted.domain.com. The result of this is that the email does
not get encrypted by the djigzo system.

Is there a way to address this little problem within djigzo/postfix? We
wanted to avoid using the keyword in the subject if possible.

Thanks for your time and responses!

Brad

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
Nancy Anthracite

Gotchya.

Because I have the encrypted.domain.com set as a CNAME to domain.com, the return path is based on the MX of domain.com. I see. I will replace the CNAME with a regular A record with its own MX. What you say makes sense so hopefully this change will fix the problem. Thank you!

···

----- Original Message -----

From: "Nancy Anthracite" <nanthracite(a)earthlink.net>
To: users(a)lists.djigzo.com, "Brad Triem" <brad(a)trinsictech.com>
Sent: Sunday, September 18, 2011 11:00:47 AM
Subject: Re: force encryption problem

If you don't mind the return address being user(a)encrypted.domain.com, you can
use an MX record to send all of the mail for encrypted.domain.com to
domain.com and sort it that way.

On Sunday, September 18, 2011, Brad Triem wrote:
> Hello everyone,
>
> We are using force encryption with an encryption subdomain, called
> encrypted.domain.com. We configured a persona as
> user(a)encrypted.domain.com within the user(a)domain.com account on our
> Zimbra email server.
>
> When I create an email with the user(a)encrypted.domain.com persona the
> djigzo/postfix server appears to be looking at the Return-Path when
> identifying who the email is coming from, which in this case is showing
> up as user(a)domain.com. Regardless that the From address and reply-to
> address are user(a)encrypted.domain.com. The result of this is that the
> email does not get encrypted by the djigzo system.
>
> Is there a way to address this little problem within djigzo/postfix? We
> wanted to avoid using the keyword in the subject if possible.
>
> Thanks for your time and responses!
>
>
> Brad
>

--
Nancy Anthracite

Appears that didn't work. Below is the snippet from the djigzo maillog:

Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A: from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from localhost.localdomain[127.0.0.1]
Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A: to=<externaluser(a)externaldomain.net>, relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3, delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok 1316362805 qp 24043)

The from= shows user(a)domain.com. But when I receive the email in my test external account, it shows the From and reply-to as user(a)encrypted.domain.com. When I look at the header of the email, at the very top it shows "Return-Path: user(a)domain.com".

The mx records for encrypted.domain.com are set properly as well. Looking for a few more ideas or suggestions. Thanks again.

Brad

···

----- Original Message -----

If you don't mind the return address being user(a)encrypted.domain.com, you can
use an MX record to send all of the mail for encrypted.domain.com to
domain.com and sort it that way.

On Sunday, September 18, 2011, Brad Triem wrote:
> Hello everyone,
>
> We are using force encryption with an encryption subdomain, called
> encrypted.domain.com. We configured a persona as
> user(a)encrypted.domain.com within the user(a)domain.com account on our
> Zimbra email server.
>
> When I create an email with the user(a)encrypted.domain.com persona the
> djigzo/postfix server appears to be looking at the Return-Path when
> identifying who the email is coming from, which in this case is showing
> up as user(a)domain.com. Regardless that the From address and reply-to
> address are user(a)encrypted.domain.com. The result of this is that the
> email does not get encrypted by the djigzo system.
>
> Is there a way to address this little problem within djigzo/postfix? We
> wanted to avoid using the keyword in the subject if possible.
>
> Thanks for your time and responses!
>
>
> Brad
>

--
Nancy Anthracite

Djigzo uses the "From" header for the identity of the sender. If there
is no "From" header in the message, the envelope sender is used.
Sometimes the terms "from" and "sender" are used interchangeably. The
MPA logs therefore use the term "originator" for the identity of the
sender. The originator by default uses the from header value.

The MTA logs (i.e., the Postfix logs) only show the envelope sender. The
envelope sender in the MTA logs is called "from". This is *not* the from
header. To see which identity is used, you should look at the MPA logs
(see the originator field).

In your case I guess the originator is "user(a)encrypted.domain.com" and
not "user(a)domain.com". You should therefore set all settings for the
sender on the encrypted.domain.com domain and not on the domain.com domain.

Hope this makes sense.

Kind regards,

Martijn Brinkers

···

On 09/18/2011 06:27 PM, Brad Triem wrote:

Appears that didn't work. Below is the snippet from the djigzo maillog:

Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A: from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from localhost.localdomain[127.0.0.1]
Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A: to=<externaluser(a)externaldomain.net>, relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3, delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok 1316362805 qp 24043)

The from= shows user(a)domain.com. But when I receive the email in my test external account, it shows the From and reply-to as user(a)encrypted.domain.com. When I look at the header of the email, at the very top it shows "Return-Path: user(a)domain.com".

The mx records for encrypted.domain.com are set properly as well. Looking for a few more ideas or suggestions. Thanks again.

--
Djigzo open source email encryption

The MPA log shows the following:

8 Sep 2011 11:20:03 | INFO checkSMIMESign | MailID: ea7621fe-10ae-4f48-b888-c05532f2c91a; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Based on what you said, this email should be encrypted due to the originator's domain, unless I have something wrong in the below configuration for the domain in djigzo:

Locality: Internal
Encrypt Mode: Force
Encryption notification: checked

Password: blank
Password ID: blank
Validity Interval: 0
Send to originator: checked

S/MIME: not allowed

Subject trigger: not enabled

SMS: not enabled

PDF Encryption Allowed: checked
Max. message size: 52428800

Advanced Settings:

PDF Reply Allowed: checked
Validity Interval: 1440
Reply URL and Reply Sender configured

Thanks,
Brad

···

----- Original Message -----

On 09/18/2011 06:27 PM, Brad Triem wrote:
> Appears that didn't work. Below is the snippet from the djigzo
> maillog:
>
> Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A:
> from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
> Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from
> localhost.localdomain[127.0.0.1]
> Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A:
> to=<externaluser(a)externaldomain.net>,
> relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3,
> delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok
> 1316362805 qp 24043)
>
> The from= shows user(a)domain.com. But when I receive the email in
> my test external account, it shows the From and reply-to as
> user(a)encrypted.domain.com. When I look at the header of the
> email, at the very top it shows "Return-Path: user(a)domain.com".
>
> The mx records for encrypted.domain.com are set properly as well.
> Looking for a few more ideas or suggestions. Thanks again.

Djigzo uses the "From" header for the identity of the sender. If there
is no "From" header in the message, the envelope sender is used.
Sometimes the terms "from" and "sender" are used interchangeably. The
MPA logs therefore use the term "originator" for the identity of the
sender. The originator by default uses the from header value.

The MTA logs (i.e., the Postfix logs) only show the envelope sender. The
envelope sender in the MTA logs is called "from". This is *not* the from
header. To see which identity is used, you should look at the MPA logs
(see the originator field).

In your case I guess the originator is "user(a)encrypted.domain.com" and
not "user(a)domain.com". You should therefore set all settings for the
sender on the encrypted.domain.com domain and not on the domain.com domain.

Hope this makes sense.

Kind regards,

Martijn Brinkers

You have set Encrypt Mode to "Force" but I think you need to set it to
"Mandatory". In retrospect force should have been named differently. If
you want to make encryption mandatory you should use mandatory.

Hopefully this helps.

Kind regards,

Martijn Brinkers

···

On 09/18/2011 09:00 PM, Brad Triem wrote:

----- Original Message -----

On 09/18/2011 06:27 PM, Brad Triem wrote:

Appears that didn't work. Below is the snippet from the djigzo
maillog:

Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A:
from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from
localhost.localdomain[127.0.0.1]
Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A:
to=<externaluser(a)externaldomain.net>,
relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3,
delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok
1316362805 qp 24043)

The from= shows user(a)domain.com. But when I receive the email in
my test external account, it shows the From and reply-to as
user(a)encrypted.domain.com. When I look at the header of the
email, at the very top it shows "Return-Path: user(a)domain.com".

The mx records for encrypted.domain.com are set properly as well.
Looking for a few more ideas or suggestions. Thanks again.

Djigzo uses the "From" header for the identity of the sender. If there
is no "From" header in the message, the envelope sender is used.
Sometimes the terms "from" and "sender" are used interchangeably. The
MPA logs therefore use the term "originator" for the identity of the
sender. The originator by default uses the from header value.

The MTA logs (i.e., the Postfix logs) only show the envelope sender. The
envelope sender in the MTA logs is called "from". This is *not* the from
header. To see which identity is used, you should look at the MPA logs
(see the originator field).

In your case I guess the originator is "user(a)encrypted.domain.com" and
not "user(a)domain.com". You should therefore set all settings for the
sender on the encrypted.domain.com domain and not on the domain.com domain.

Hope this makes sense.

Kind regards,

Martijn Brinkers

The MPA log shows the following:

8 Sep 2011 11:20:03 | INFO checkSMIMESign | MailID: ea7621fe-10ae-4f48-b888-c05532f2c91a; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Based on what you said, this email should be encrypted due to the originator's domain, unless I have something wrong in the below configuration for the domain in djigzo:

Locality: Internal
Encrypt Mode: Force
Encryption notification: checked

Password: blank
Password ID: blank
Validity Interval: 0
Send to originator: checked

S/MIME: not allowed

Subject trigger: not enabled

SMS: not enabled

PDF Encryption Allowed: checked
Max. message size: 52428800

Advanced Settings:

PDF Reply Allowed: checked
Validity Interval: 1440
Reply URL and Reply Sender configured

--
Djigzo open source email encryption

Quoting Brad Triem <brad(a)trinsictech.com>:

···

----- Original Message -----

On 09/18/2011 06:27 PM, Brad Triem wrote:
> Appears that didn't work. Below is the snippet from the djigzo
> maillog:
>
> Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A:
> from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
> Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from
> localhost.localdomain[127.0.0.1]
> Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A:
> to=<externaluser(a)externaldomain.net>,
> relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3,
> delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok
> 1316362805 qp 24043)
>
> The from= shows user(a)domain.com. But when I receive the email in
> my test external account, it shows the From and reply-to as
> user(a)encrypted.domain.com. When I look at the header of the
> email, at the very top it shows "Return-Path: user(a)domain.com".
>
> The mx records for encrypted.domain.com are set properly as well.
> Looking for a few more ideas or suggestions. Thanks again.

Djigzo uses the "From" header for the identity of the sender. If there
is no "From" header in the message, the envelope sender is used.
Sometimes the terms "from" and "sender" are used interchangeably. The
MPA logs therefore use the term "originator" for the identity of the
sender. The originator by default uses the from header value.

The MTA logs (i.e., the Postfix logs) only show the envelope sender. The
envelope sender in the MTA logs is called "from". This is *not* the from
header. To see which identity is used, you should look at the MPA logs
(see the originator field).

In your case I guess the originator is "user(a)encrypted.domain.com" and
not "user(a)domain.com". You should therefore set all settings for the
sender on the encrypted.domain.com domain and not on the domain.com domain.

Hope this makes sense.

Kind regards,

Martijn Brinkers

The MPA log shows the following:

8 Sep 2011 11:20:03 | INFO checkSMIMESign | MailID:
ea7621fe-10ae-4f48-b888-c05532f2c91a; Originator:
user(a)encrypted.domain.com; Sender: user(a)domain.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Based on what you said, this email should be encrypted due to the
originator's domain, unless I have something wrong in the below
configuration for the domain in djigzo:

Locality: Internal
Encrypt Mode: Force
Encryption notification: checked

Password: blank
Password ID: blank
Validity Interval: 0
Send to originator: checked

S/MIME: not allowed

Huhh??
Should be allowed, no?

Regards

Andreas

I think he only wants to use PDF encryption. Or not?

Kind regards,

Martijn

···

On 01/-10/-28163 08:59 PM, Lst_hoe02(a)kwsoft.de wrote:

Quoting Brad Triem <brad(a)trinsictech.com>:

----- Original Message -----

On 09/18/2011 06:27 PM, Brad Triem wrote:
> Appears that didn't work. Below is the snippet from the djigzo
> maillog:
>
> Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A:
> from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
> Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from
> localhost.localdomain[127.0.0.1]
> Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A:
> to=<externaluser(a)externaldomain.net>,
> relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3,
> delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok
> 1316362805 qp 24043)
>
> The from= shows user(a)domain.com. But when I receive the email in
> my test external account, it shows the From and reply-to as
> user(a)encrypted.domain.com. When I look at the header of the
> email, at the very top it shows "Return-Path: user(a)domain.com".
>
> The mx records for encrypted.domain.com are set properly as well.
> Looking for a few more ideas or suggestions. Thanks again.

Djigzo uses the "From" header for the identity of the sender. If there
is no "From" header in the message, the envelope sender is used.
Sometimes the terms "from" and "sender" are used interchangeably. The
MPA logs therefore use the term "originator" for the identity of the
sender. The originator by default uses the from header value.

The MTA logs (i.e., the Postfix logs) only show the envelope sender. The
envelope sender in the MTA logs is called "from". This is *not* the from
header. To see which identity is used, you should look at the MPA logs
(see the originator field).

In your case I guess the originator is "user(a)encrypted.domain.com" and
not "user(a)domain.com". You should therefore set all settings for the
sender on the encrypted.domain.com domain and not on the domain.com domain.

Hope this makes sense.

Kind regards,

Martijn Brinkers

The MPA log shows the following:

8 Sep 2011 11:20:03 | INFO checkSMIMESign | MailID:
ea7621fe-10ae-4f48-b888-c05532f2c91a; Originator:
user(a)encrypted.domain.com; Sender: user(a)domain.com;
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Based on what you said, this email should be encrypted due to the
originator's domain, unless I have something wrong in the below
configuration for the domain in djigzo:

Locality: Internal
Encrypt Mode: Force
Encryption notification: checked

Password: blank
Password ID: blank
Validity Interval: 0
Send to originator: checked

S/MIME: not allowed

Huhh??
Should be allowed, no?

--
Djigzo open source email encryption

I'm re-reviewing my configurations but as you can see below, using mandatory didn't solve the problem at this point. I've got another domain that uses the subject trigger and it works fine. So I know the server encrypts.

18 Sep 2011 14:14:04 | INFO incoming | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; Remote address: xxx.xxx.xxx.xxx; Recipients: [externaluser(a)externaldomain.net]; Subject: testing encryption; Message-ID: <d23c6de4-0b91-4ad6-9201-39c1decddfb1(a)host.mailserver.com>; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO external | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO postDLP | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO checkForceEncryptHeader | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO checkEncryptMode | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO checkSMIME | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO checkPDFEncrypt | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO checkMustEncrypt | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
18 Sep 2011 14:14:05 | INFO The message could not be encrypted. The message will therefore not be sent. The sender will be notified. | MailID: 2237fffb-1f59-4a60-b5b1-52f767872de6; Originator: user(a)encrypted.domain.com; Sender: user(a)domain.com; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

Thanks again,
Brad

···

----- Original Message -----

You have set Encrypt Mode to "Force" but I think you need to set it to
"Mandatory". In retrospect force should have been named differently. If
you want to make encryption mandatory you should use mandatory.

Hopefully this helps.

Kind regards,

Martijn Brinkers

Andreas, no. I'm not using S/MIME encryption. Just PDF encryption for outbound specified transactions either by domain or by subject trigger.

···

----- Original Message -----

Quoting Brad Triem <brad(a)trinsictech.com>:

> ----- Original Message -----
>> On 09/18/2011 06:27 PM, Brad Triem wrote:
>> > Appears that didn't work. Below is the snippet from the djigzo
>> > maillog:
>> >
>> > Sep 18 11:20:03 secure postfix/qmgr[9933]: DF40769B35A:
>> > from=<user(a)domain.com>, size=1753, nrcpt=1 (queue active)
>> > Sep 18 11:20:03 secure postfix/smtpd[8592]: disconnect from
>> > localhost.localdomain[127.0.0.1]
>> > Sep 18 11:20:05 secure postfix/smtp[8598]: DF40769B35A:
>> > to=<externaluser(a)externaldomain.net>,
>> > relay=mail.externaldomain.net[xxx.xxx.xxx.xxx]:25, delay=1.3,
>> > delays=0.01/0.01/0.63/0.61, dsn=2.0.0, status=sent (250 ok
>> > 1316362805 qp 24043)
>> >
>> > The from= shows user(a)domain.com. But when I receive the email in
>> > my test external account, it shows the From and reply-to as
>> > user(a)encrypted.domain.com. When I look at the header of the
>> > email, at the very top it shows "Return-Path: user(a)domain.com".
>> >
>> > The mx records for encrypted.domain.com are set properly as
>> > well.
>> > Looking for a few more ideas or suggestions. Thanks again.
>>
>> Djigzo uses the "From" header for the identity of the sender. If there
>> is no "From" header in the message, the envelope sender is used.
>> Sometimes the terms "from" and "sender" are used interchangeably. The
>> MPA logs therefore use the term "originator" for the identity of the
>> sender. The originator by default uses the from header value.
>>
>> The MTA logs (i.e., the Postfix logs) only show the envelope sender. The
>> envelope sender in the MTA logs is called "from". This is *not* the from
>> header. To see which identity is used, you should look at the MPA logs
>> (see the originator field).
>>
>> In your case I guess the originator is "user(a)encrypted.domain.com" and
>> not "user(a)domain.com". You should therefore set all settings for the
>> sender on the encrypted.domain.com domain and not on the domain.com domain.
>>
>> Hope this makes sense.
>>
>> Kind regards,
>>
>> Martijn Brinkers
>>
>
>
> The MPA log shows the following:
>
> 8 Sep 2011 11:20:03 | INFO checkSMIMESign | MailID:
> ea7621fe-10ae-4f48-b888-c05532f2c91a; Originator:
> user(a)encrypted.domain.com; Sender: user(a)domain.com;
> (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]
>
> Based on what you said, this email should be encrypted due to the
> originator's domain, unless I have something wrong in the below
> configuration for the domain in djigzo:
>
> Locality: Internal
> Encrypt Mode: Force
> Encryption notification: checked
>
> Password: blank
> Password ID: blank
> Validity Interval: 0
> Send to originator: checked
>
> S/MIME: not allowed

Huhh??
Should be allowed, no?

Regards

Andreas

Did you override any settings of the recipient domain? (or the global
domain)?

Appendix E of the administration guide contains the complete mail flow.
Can you follow that step by step to see why it doesn't encrypt?

Kind regards,

Martijn

···

On 09/18/2011 09:22 PM, Brad Triem wrote:

------------------------------------------------------------------------

    You have set Encrypt Mode to "Force" but I think you need to set it to
    "Mandatory". In retrospect force should have been named differently. If
    you want to make encryption mandatory you should use mandatory.

    Hopefully this helps.

    Kind regards,

    Martijn Brinkers

I'm re-reviewing my configurations but as you can see below, using
mandatory didn't solve the problem at this point. I've got another
domain that uses the subject trigger and it works fine. So I know the
server encrypts.

--
Djigzo open source email encryption

Ah, thank you Martijn. The flow diagram allowed me the insight I needed to solve the problem. I had the recipients on "no encryption" due to some previous configurations I did to use "subject tagging" only when I originally set this up. Thanks for being so responsive and I'll do better to review your well documented flow diagrams in the future.

Brad

···

----- Original Message -----

Did you override any settings of the recipient domain? (or the global
domain)?

Appendix E of the administration guide contains the complete mail flow.
Can you follow that step by step to see why it doesn't encrypt?

Kind regards,

Martijn

I hesitate to wade in here because I know so little, but why is the return
address being set at user(a)domain.com? I suspect it is being handed to Djigzo
with that set wrong and therefore not coming back with the right domain.

···

On Sunday, September 18, 2011, Martijn Brinkers wrote:

On 09/18/2011 09:22 PM, Brad Triem wrote:
> ------------------------------------------------------------------------
>
> You have set Encrypt Mode to "Force" but I think you need to set it
> to "Mandatory". In retrospect force should have been named
> differently. If you want to make encryption mandatory you should use
> mandatory.
>
> Hopefully this helps.
>
> Kind regards,
>
> Martijn Brinkers
>
> I'm re-reviewing my configurations but as you can see below, using
> mandatory didn't solve the problem at this point. I've got another
> domain that uses the subject trigger and it works fine. So I know the
> server encrypts.

Did you override any settings of the recipient domain? (or the global
domain)?

Appendix E of the administration guide contains the complete mail flow.
Can you follow that step by step to see why it doesn't encrypt?

Kind regards,

Martijn

--
Nancy Anthracite

In most cases the from (header) is equal to the (envelope)
sender address, but this is not always the case. For example when a
message is forwarded by a forwarding server, the forwarder uses a
different envelope sender to make sure that bounces are handled by the
forwarder. I'm not sure whether the topic starter uses a different
domain for the from but this should not be a problem. Djigzo will only
look at the from to determine who sent the message.

Kind regards,

Martijn Brinkers

···

On 09/19/2011 04:45 AM, Nancy Anthracite wrote:

I hesitate to wade in here because I know so little, but why is the return
address being set at user(a)domain.com? I suspect it is being handed to Djigzo
with that set wrong and therefore not coming back with the right domain.

--
Djigzo open source email encryption
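
The identity rule discussed in this thread (the "From" header is the originator, the envelope sender is only the fallback, and the MPA log rather than the Postfix log shows which one was used), as an added example that is not part of the original thread and is not Djigzo's own code. The log layout is modelled on the MPA lines quoted above; the function names, addresses and MailID are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Layout modelled on the MPA log lines quoted in this thread:
#   <date> | INFO <stage or text> | MailID: ..; Originator: ..; Sender: ..; ...
MPA_LINE = re.compile(
    r"^(?P<ts>[^|]+?)\s*\|\s*INFO\s+(?P<stage>.+?)\s*\|\s*"
    r"MailID:\s*(?P<mail_id>[^;]+);\s*"
    r"Originator:\s*(?P<originator>[^;]+);\s*"
    r"Sender:\s*(?P<sender>[^;]+);"
)


def domain(addr):
    """Lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def originator(raw_message, envelope_sender):
    """Rule as described in the thread: From header, else envelope sender."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr or envelope_sender


def audit_mpa(lines):
    """Group MPA lines by MailID; record identities, stages and outcome."""
    mails = {}
    for line in lines:
        m = MPA_LINE.match(line.strip())
        if not m:
            continue  # e.g. a Postfix (MTA) line, which has a different layout
        rec = mails.setdefault(m["mail_id"].strip(), {
            "originator": m["originator"].strip(),
            "sender": m["sender"].strip(),
            "stages": [],
            "blocked": False,
        })
        if "could not be encrypted" in m["stage"]:
            rec["blocked"] = True
        else:
            rec["stages"].append(m["stage"])
    for rec in mails.values():
        # Settings are looked up for the originator, so a differing envelope
        # sender domain explains a Postfix "from=" that looks wrong.
        rec["identity_mismatch"] = domain(rec["originator"]) != domain(rec["sender"])
    return mails


# Constructed sample message: envelope sender and From header disagree.
SAMPLE_MSG = (
    "Return-Path: <user@example.com>\n"
    "From: Persona <user@encrypted.example.com>\n"
    "Reply-To: user@encrypted.example.com\n"
    "Subject: testing encryption\n"
    "\n"
    "body\n"
)

# Constructed sample log lines (placeholder MailID and addresses).
IDS = ("MailID: 0000-aaaa; Originator: user@encrypted.example.com; "
       "Sender: user@example.com;")
TAIL = "(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]"
SAMPLE_MPA = [
    f"18 Sep 2011 14:14:04 | INFO incoming | {IDS} Remote address: 192.0.2.10; {TAIL}",
    f"18 Sep 2011 14:14:05 | INFO checkEncryptMode | {IDS} {TAIL}",
    f"18 Sep 2011 14:14:05 | INFO checkMustEncrypt | {IDS} {TAIL}",
    "18 Sep 2011 14:14:05 | INFO The message could not be encrypted. The message "
    f"will therefore not be sent. The sender will be notified. | {IDS} {TAIL}",
    # Postfix line: shows only the envelope sender and is skipped by audit_mpa.
    "Sep 18 11:20:03 secure postfix/qmgr[9933]: QUEUEID: from=<user@example.com>, "
    "size=1753, nrcpt=1 (queue active)",
]

if __name__ == "__main__":
    print("originator:", originator(SAMPLE_MSG, "user@example.com"))
    for mail_id, rec in audit_mpa(SAMPLE_MPA).items():
        print(mail_id, rec)
```
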